Apple iPhone jailbreak? STOP! KeyRaider is your worst iOS nightmare made real [u2]

jailbreak Apple iPhone iOS KeyRaider
Credit: Jay Freeman @saurik

@saurik, Cydia creator, fiddles while Rome burns?

Don't jailbreak your iPhone or iPad. That's the stark warning given by some commentators after a huge hack came to light. Hundreds of thousands of Apple accounts got hijacked, thanks to the KeyRaider iOS malware from a Chinese Cydia repo.

Of course, we need to separate legit jailbreaking—to enhance the user experience—from the naughty kind—to pirate App Store apps. This malware seems to be connected to the naughty kind. So perhaps it serves the victims right?

Anyway, It's a cautionary tale for all jailbreakers. Think twice before you root, people. (And then do it anyway.)

In IT Blogwatch, bloggers tut-tut and wag fingers. Not to mention: China China China China, China-China...

curated these bloggy bits for your entertainment.
[Developing story: Updated 9:07 am and 1:40 pm PT]


Dan Goodin breaks the bad news:

A newly discovered malware family that preys on jailbroken iPhones has collected login credentials for more than 225,000 Apple accounts.

Malicious code surreptitiously included with Cydia apps [has] pilfered account data...disabled some infected phones until users pay a ransom, and...made unauthorized charges against some victims' accounts.

As if the theft of...credentials wasn't bad enough, the data was uploaded to a website that contained a SQL-injection vulnerability [making] it trivial for outsiders to access. [It] provides a cautionary tale about the risks of jailbreaking iPhones.  MORE


And Darren Pauli fills in the blanks:

The hack spree...is hitting jailbroken iThings – devices that have had Cupertino's strict device security controls bypassed and disabled. ... People install jailbreak tools to use additional iThing tweaks available through the alternative Cydia store, and – for some – to pirate software.

The attack was discovered by a Yangzhou University student known as i_82 who worked with [Claud] Xiao alongside a group. Together they exploited an SQL injection vulnerability on the bad guy's server [and] siphoned about half of the stolen accounts before the VXer became savvy and punted the white hats.  MORE


Claud Xiao helped discover the problem:

In cooperation with WeipTech, we have identified 92 samples. ... We have analyzed [them] to determine the author’s ultimate goal and have named [it] “KeyRaider”. We believe this to be the largest known Apple account theft caused by malware.

KeyRaider...is distributed through third-party Cydia repositories in China. In total, it appears this threat may have impacted users from 18 countries. [It] hooks system processes through MobileSubstrate and steals Apple account usernames, passwords...device GUID...push notification service certificates...private keys...App Store purchasing information, and disables local and remote unlocking functionalities. 

KeyRaider, as far as we know, only spreads through Weiphone’s Cydia repositories. ... Unlike other Cydia sources such as BigBoss or ModMyi, Weiphone [users] can directly upload their own apps and tweaks and share them with each other. 

Since his user name was also hard-coded into the malware...we strongly suspect “mischa07” is KeyRaider’s original author. ... Another Weiphone user that distributed the KeyRaider malware is “氵刀八木” or “bamu”.  MORE


So Sarah Perez offers this droll summary, then puts the issue in context:

Jailbreaking your iPhone has its downsides.

Jailbreaking...allowed users to personalize their iPhone with...themes, widgets, launchers, different user interfaces and more. [It] declined in popularity as Apple began to address some of the reasons users jailbroke their phones in the first place [with] Today widgets, dynamic wallpapers, improved multitasking experiences, custom keyboards, and more.

The malware is more of a concern in China, not only because of the way it was being distributed (through Chinese Cydia repositories), but also because many sellers in the country sell pre-jailbroken iPhones to customers. ... Apple had a reported 885 million iTunes accounts as of a year ago, so 225,000 affected individuals is a very small percentage of Apple account holders.  MORE


Meanwhile, Joseph Steinberg has an urge to urge this urge: [You're fired -Ed.]

This incident highlights the risk of jailbreaking devices: if you undermine the security that was designed and built into devices...you take on responsibility to secure your device from all sorts of risks.

KeyRaider also undermines the oft-repeated, but certainly false, claim that Apple devices cannot be infected with malware. [It] is also likely to motivate criminals to create other forms of similar malware in the future.  MORE


Update 1: "FUD" cries Tony Bradley, who just wants everyone to calm down:

The news is salacious...but it’s also very misleading. ... The vast majority of iOS users have nothing to fear.

[Because] the exploit only works on jailbroken iOS devices...the victims hacked their own iPhones first and opened the door to allow a threat like KeyRaider to compromise their accounts. ... For those who made a conscious decision to violate the EULA, void the warranty and forego the inherent protection Apple provides...the headlines announcing that they’re at risk should come as no surprise.

FUD—fear, uncertainty, and doubt—makes for sensational news and drives people to be concerned about things they don’t need to be concerned about. ... Breathless headlines about hundreds of thousands of Apple iPhones or iOS accounts being hacked incite anxiety for millions of iOS users who actually have nothing to fear.

If you think you want an iPhone but plan to jailbreak iOS...do yourself a favor and just buy a Samsung Galaxy S6.  MORE


Update 2: And Andrea Peterson agrees you should stay within Apple's family-friendly, sexless walled garden of pomaceous monetization:

Apple did not immediately respond to a request for comment [but] the problem appears to be isolated to phones that were altered to bypass Apple's attempts to keep users safe.

The Librarian of Congress, which approved an exception to the [DMCA], allowing consumers to jailbreak their smartphones. But Apple discourages the practice. And this incident is a good example of why.

U.S. consumers probably don't have too worry about this specific malware right now: KeyRaider seems to have only been spread through a Chinese app repository. ... Jailbreaking is particularly common in China, where whole industries have taken root profiting from it.

The whole situation is another reason everyday consumers may want to be wary before stepping outside of Apple's walled app garden.  MORE


And Finally...
I'm not clear -- which country is uppermost on Donald J. Trump's mind?
[hilarious supercut via Andy Baio]


You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies